Operating Systems AIX Bullet proof of user history activity Post 302280122 by funksen on Monday 26th of January 2009 04:07:41 AM
if the employee knows what he is doing, you have no way to find out specific commands at a specific time
check the history file $HOME/.sh_history, if it has been deleted you can see if the employee is trying to hide something

if you delete a specific command from the .sh_history using vi, it's not possible to scroll back since the history file is a special file, check out for this

you can follow his IP address using the "last" command from server to server and see where he was logged in, so you can say if he has been on this server or not

perhaps tell us what you expect he was doing, maybe there is another way


for the future, you can use sudosh, which shows the user input in realtime! you can play it like a movie, including backspace and so on, or put the following entries in /etc/profile, that is what we are doing:

export HISTFILE=/somedir/${LOGNAME}_`date "+%Y%m%d_%H%M%S"`
export HISTSIZE=2000000

the disadvantage of this is that the user is able to delete these files
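
Because the per-session files named in the post can be deleted by their owner, one check is to compare login records against the history files that still exist. The sketch below is an added example, not part of the original post; the function name `missing_history`, the login-record format (`user YYYYmmdd HHMM`, transcribed from `last`) and the default two-minute tolerance are assumptions.

```shell
#!/bin/sh
# Added example. Assumed inputs (constructed formats, not from the post):
#   $1  login records, one per line: "user YYYYmmdd HHMM"
#   $2  the directory that /etc/profile points HISTFILE at
#   $3  minutes allowed between login and creation of the history file
# Prints every login record with no matching ${LOGNAME}_YYYYmmdd_HHMMSS file.
missing_history() {
    ls "$2" | awk -v tol="${3:-2}" '
    # Minutes since 1970-01-01 for a YYYYmmdd date and an HHMM[SS] time.
    function mins(d, t,    y, m, dd, era, yoe, doy, days) {
        y = substr(d, 1, 4) + 0; m = substr(d, 5, 2) + 0; dd = substr(d, 7, 2) + 0
        if (m <= 2) y--
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * ((m + 9) % 12) + 2) / 5) + dd - 1
        days = era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
        return days * 1440 + substr(t, 1, 2) * 60 + substr(t, 3, 2)
    }
    phase == 1 {                      # file names from the history directory
        n = length($0); ts = substr($0, n - 14)
        if (n > 16 && ts ~ /^[0-9]+_[0-9]+$/ && index(ts, "_") == 9) {
            user = substr($0, 1, n - 16)   # LOGNAME may itself contain "_"
            seen[user] = seen[user] " " mins(substr(ts, 1, 8), substr(ts, 10))
        }
        next
    }
    NF == 3 {                         # login records
        login = mins($2, $3); found = 0
        k = split(seen[$1], f, " ")
        for (i = 1; i <= k; i++)
            if (f[i] - login >= 0 && f[i] - login <= tol) found = 1
        if (!found) print
    }' phase=1 - phase=2 "$1"
}
```

A login that shows up here had no history file created within the tolerance, or the file has since been removed; it does not say which.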
 
